For a lot of people, passwords are one of the worst parts of dealing with technology. It’s not that we don’t want things to be secure, we do, but password management is hard. Making sure that you not only have a strong password, but that it’s unique to one place, and something you can remember is almost impossible.
But, like them or hate them, passwords go a long way in helping you protect your business. The challenge is helping your team create password habits that ensure strong passwords.
The challenges with (traditional) password management
Perhaps the biggest challenge with password management is that people struggle with them. We struggle to come up with strong passwords that meet very specific criteria, we struggle to remember those passwords, and we even struggle to create unique passwords for each site and service we use.
This is bad enough on a personal level, but when your business is on the line it becomes critical. The best approach is to find a way to remove the more human aspect of password management. If you can do this, you improve the quality of the passwords being used, create better habits around storing those passwords (like getting rid of plain text spreadsheets or Word docs with passwords stored on them), and you can all but eliminate employees using personal passwords at work.
What is a password manager?
A password manager is a security tool that looks after all things passwords. It stores them securely, so you don’t have to write them down. It can help you come up with strong passwords that meet the criteria you need for a password. And, password managers will often cut and paste your passwords (and other login data) into forms, to make sure you don’t enter the wrong password.
What’s really nice about password managers is that a lot of them exist in the cloud and can be used across devices. This means that you can sign up for a tool on your computer that helps you manage passwords on your tablet, phone, and any other compatible devices, so you have complete password coverage.
Password managers remove a lot of the human error from your security process (at least relating to passwords). This helps because, as mentioned above, passwords are something people struggle with, and cybercriminals know this. It’s not unusual for “dictionary attacks” to successfully guess a user’s password. This kind of attack basically runs through a dictionary in an attempt to guess your password. The more people rely on real words as passwords, the easier this can be.
The best practices while using a password manager
Password managers introduce best practices into your life simply by existing. They make it easy to create strong passwords that you don’t even need to remember because of their auto-complete features. Having said that, it’s always a good idea to review best practices.
- Don’t use the same passwords – This should be common practice by now, but it can be so hard to come up with a strong password that you remember that a lot of people end up doing it anyway. This is bad because if someone can crack your password for, say, your Gmail account, they have access to everything else you’ve ever used that password for. Password managers help by storing passwords for you, so you can use unique, hard-to-remember passwords for every site and service you use without much trouble.
- Don’t use obvious words – We mentioned above how easy it can be to crack passwords that use real words. The same holds true for variations of real words and even things that are close to your name. If someone has your last name and you’re using a password that contains your last name, it’s going to be cracked pretty quickly. This is why most places require a password to have a mix of numbers, letters, and symbols.
- Back up your data – If you can, regularly back up your password data. This helps ensure that if something goes horribly wrong, there is always a backup. Most third-party systems should have a solid backup system in place anyway, but it can’t hurt to regularly back up your data manually, just in case. No one wants to recreate every password they’re using.
- Choose a tool that you can easily use – As with most things, you can’t choose a tool that’s too complex or people aren’t going to use it. This isn’t limited to employees. If it’s hard to deploy, it also won’t get used. Find something that can be easily implemented and is super user-friendly.
- Use two-factor authentication (2FA) whenever possible – 2FA adds another layer of security that protects your business. With 2FA, you’re using a password, but also asked to verify using a secondary device, like your phone. This ensures that even if someone does learn your password they can’t access your business network without also having access to the device. When used in combination with a password manager (or if your password manager offers 2FA) you greatly reduce the chance of someone gaining access to your business data.
- Use something that works across all platforms – A password manager is useless if it doesn’t help with all devices you use for work. Make sure you use something that can be used on both Android and iPhone, as well as PCs and Apple computers.
- Use passwords generated by the manager – We’ll touch on this a bit more below, but if you have the option to use generated passwords, use them. Doing this eliminates a lot of the bad habits that can creep up when we choose passwords. You may have to tweak things a little to make sure that the generated password fits the requirements, but often you don’t have to do much.
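To make the "obvious words" and "generated passwords" items concrete, here is an added Python example (not taken from any particular password manager) that generates a password meeting a typical mix-of-characters requirement and flags passwords built on a name or dictionary word. The symbol set, substitution table, minimum length and sample word list are assumptions chosen for illustration.

```python
import secrets
import string

# Constructed sample word list; a real check would load a much larger one.
SAMPLE_WORDS = ["password", "dragon", "welcome"]

# Common character swaps people use to disguise a real word (assumed table).
LEET = str.maketrans("013457@$!", "oieastasi")

def generate_password(length=20, symbols="!@#$%^&*-_=+"):
    """Return a random password with a lowercase, uppercase, digit and symbol."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, symbols]
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets draws from the OS CSPRNG. Redrawing the whole candidate keeps
        # the result uniform over every password that satisfies the policy.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def guessable_parts(password, personal_terms, wordlist=SAMPLE_WORDS, min_len=4):
    """Return the names or dictionary words found inside the password."""
    raw = password.lower()
    normalized = raw.translate(LEET)  # undo swaps such as 0 -> o, @ -> a
    hits = set()
    for term in list(personal_terms) + list(wordlist):
        t = term.lower()
        if len(t) >= min_len and (t in raw or t in normalized):
            hits.add(t)
    return sorted(hits)

if __name__ == "__main__":
    print(guessable_parts("Sm1th2024!", ["Smith"]))   # last name with a swap
    print(guessable_parts("P@ssw0rd#99", []))         # dictionary word with swaps
    print(generate_password())
```

Both sample passwords satisfy a numbers, letters and symbols rule yet are still flagged, which is why a generated password is the safer choice.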
The ideal change cycle
It wasn’t that long ago that it was recommended that you change passwords regularly, at least once a quarter, to make sure everything was as secure as possible. Recently, however, there’s been a shift in this thinking. Security organizations are starting to recommend that you pick a very strong password and stick with it.
The reasoning behind this shift is that if you make people pick a new password every few months, they’re eventually going to struggle to come up with new, strong passwords and rely on bad habits, like taking the same password from the last cycle and either adding another character or changing one character.
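The habit described above can be checked for when a password is changed. This added Python example (not from any specific product) assumes the user supplies both the old and the new password at change time, and the edit threshold and suffix characters are illustrative choices.

```python
def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]

def strip_suffix(pw):
    """Drop trailing digits and punctuation, the part people usually rotate."""
    return pw.rstrip("0123456789!@#$%^&*?.-_").lower()

def is_trivial_rotation(old, new, max_edits=2):
    """True when new is old with a character or two changed, or the same base word with a new suffix."""
    if edit_distance(old, new) <= max_edits:
        return True
    base_old, base_new = strip_suffix(old), strip_suffix(new)
    return len(base_old) >= 4 and base_old == base_new

if __name__ == "__main__":
    # Constructed sample passwords.
    print(is_trivial_rotation("Autumn2023!", "Autumn2024!"))      # one character changed
    print(is_trivial_rotation("Autumn2023!", "Autumn2023!!"))     # one character added
    print(is_trivial_rotation("Autumn2023!", "autumn#77"))        # same base word
    print(is_trivial_rotation("Autumn2023!", "kV9#tq2LmZ@x8pR"))  # unrelated
```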
Want help with password management?
Like a lot of things, password management can be a lot of work. If your IT team needs help making sure that your business is using good passwords or if you need to get a password manager in place, let’s talk. Our teams have more than 20 years of experience and can help you keep your business safe. Contact us today to learn more about how we can help.